summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-05-21 09:31:22 +0900
committerLennart Poettering <lennart@poettering.net>2014-05-21 09:36:49 +0900
commitf7dc3ab9f43b67abcbd34062b9352ab42debec49 (patch)
tree0a797055292a0741ef3f1cf473e3933926b42a74
parentf5c0c00f400e6f1fa58c5faf8bc93ca9057d4463 (diff)
logind: don't apply RemoveIPC= to system users
We shouldn't destroy IPC objects of system users on logout. http://lists.freedesktop.org/archives/systemd-devel/2014-April/018373.html This introduces SYSTEM_UID_MAX defined to the maximum UID of system users. This value is determined compile-time, either as configure switch or from /etc/login.defs. (We don't read that file at runtime, since this is really a choice for a system builder, not the end user.) While we are at it we then also update journald to use SYSTEM_UID_MAX when we decide whether to split out log data for a specific client.
-rw-r--r--Makefile.am4
-rw-r--r--configure.ac22
-rw-r--r--src/core/systemd.pc.in2
-rw-r--r--src/journal/journald-server.c2
-rw-r--r--src/shared/clean-ipc.c4
5 files changed, 30 insertions, 4 deletions
diff --git a/Makefile.am b/Makefile.am
index f2a3bbd024..1808f801cb 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4879,7 +4879,9 @@ substitutions = \
'|PYTHON=$(PYTHON)|' \
'|PYTHON_BINARY=$(PYTHON_BINARY)|' \
'|NTP_SERVERS=$(NTP_SERVERS)|' \
- '|DNS_SERVERS=$(DNS_SERVERS)|'
+ '|DNS_SERVERS=$(DNS_SERVERS)|' \
+ '|systemuidmax=$(SYSTEM_UID_MAX)|' \
+ '|systemgidmax=$(SYSTEM_GID_MAX)|'
SED_PROCESS = \
$(AM_V_GEN)$(MKDIR_P) $(dir $@) && \
diff --git a/configure.ac b/configure.ac
index 9a849ffe7b..c41f6c9a70 100644
--- a/configure.ac
+++ b/configure.ac
@@ -854,6 +854,26 @@ AC_ARG_WITH(time-epoch,
AC_DEFINE_UNQUOTED(TIME_EPOCH, [$TIME_EPOCH], [Time Epoch])
# ------------------------------------------------------------------------------
+AC_ARG_WITH(system-uid-max,
+ AS_HELP_STRING([--with-system-uid-max=UID]
+ [Maximum UID for system users]),
+ [SYSTEM_UID_MAX="$withval"],
+ [SYSTEM_UID_MAX="`awk 'BEGIN { uid=999 } /^\s*SYS_UID_MAX\s+/ { uid=$2 } END { print uid }' /etc/login.defs 2>/dev/null || echo 999`"])
+
+AC_DEFINE_UNQUOTED(SYSTEM_UID_MAX, [$SYSTEM_UID_MAX], [Maximum System UID])
+AC_SUBST(SYSTEM_UID_MAX)
+
+# ------------------------------------------------------------------------------
+AC_ARG_WITH(system-gid-max,
+ AS_HELP_STRING([--with-system-gid-max=GID]
+ [Maximum GID for system groups]),
+ [SYSTEM_GID_MAX="$withval"],
+ [SYSTEM_GID_MAX="`awk 'BEGIN { gid=999 } /^\s*SYS_GID_MAX\s+/ { gid=$2 } END { print gid }' /etc/login.defs 2>/dev/null || echo 999`"])
+
+AC_DEFINE_UNQUOTED(SYSTEM_GID_MAX, [$SYSTEM_GID_MAX], [Maximum System GID])
+AC_SUBST(SYSTEM_GID_MAX)
+
+# ------------------------------------------------------------------------------
have_localed=no
AC_ARG_ENABLE(localed, AS_HELP_STRING([--disable-localed], [disable locale daemon]))
if test "x$enable_localed" != "xno"; then
@@ -1256,6 +1276,8 @@ AC_MSG_RESULT([
Extra start script: ${RC_LOCAL_SCRIPT_PATH_START}
Extra stop script: ${RC_LOCAL_SCRIPT_PATH_STOP}
Debug shell: ${SUSHELL} @ ${DEBUGTTY}
+ Maximum System UID: ${SYSTEM_UID_MAX}
+ Maximum System GID: ${SYSTEM_GID_MAX}
CFLAGS: ${OUR_CFLAGS} ${CFLAGS}
CPPFLAGS: ${OUR_CPPFLAGS} ${CPPFLAGS}
diff --git a/src/core/systemd.pc.in b/src/core/systemd.pc.in
index de0f6494e9..f8bccb5d6a 100644
--- a/src/core/systemd.pc.in
+++ b/src/core/systemd.pc.in
@@ -19,6 +19,8 @@ systemduserunitpath=${systemduserconfdir}:/etc/systemd/user:/run/systemd/user:/u
systemdsystemgeneratordir=@systemgeneratordir@
systemdusergeneratordir=@usergeneratordir@
catalogdir=@catalogdir@
+systemuidmax=@systemuidmax@
+systemgidmax=@systemgidmax@
Name: systemd
Description: systemd System and Service Manager
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 0439caf909..381d80a938 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -258,7 +258,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
if (s->runtime_journal)
return s->runtime_journal;
- if (uid <= 0)
+ if (uid <= SYSTEM_UID_MAX)
return s->system_journal;
r = sd_id128_get_machine(&machine);
diff --git a/src/shared/clean-ipc.c b/src/shared/clean-ipc.c
index ddd42cc2b2..cb1722614e 100644
--- a/src/shared/clean-ipc.c
+++ b/src/shared/clean-ipc.c
@@ -332,8 +332,8 @@ fail:
int clean_ipc(uid_t uid) {
int ret = 0, r;
- /* Refuse to clean IPC of the root user */
- if (uid == 0)
+ /* Refuse to clean IPC of the root and system users */
+ if (uid <= SYSTEM_UID_MAX)
return 0;
r = clean_sysvipc_shm(uid);